Cyber Initiative

heavy industry cyber initiative programme case study
Cyber Initiative

APPtechnology was approached in 2020 by a client asking for assistance regarding a Cyber initiative programme. The client, a pan-European heavy manufacturing company, was undertaking a cyber top ten programme to improve infrastructure, processes, and end user compute baseline standards.

The solution from APPtechnology had to adapt to the interdependencies between infrastructure, end points and users.  The operational technology side of the business threw up some interesting challenges, especially facing the technical debt that results from heavy investment operational machinery running on older OS and processes.   Some of the toughest challenges were programmable logic controllers, software and hardware combinations used to manage heavy switch engineering and processes, that were not designed for today’s cyber critical world.  In areas such as these, APPtechnology engineers considered changes to platform, access rights and processes, with some elements requiring the provision of APPtechnology’s Legacy Management Solutions to ringfence or remove attack vectors.

Under strict time constraints, with the diverse nature of the challenges reducing the opportunity for automation or centralisation of control, APPtechnology provided a team of high-level engineers and project management who painstakingly checked and assessed all GPO’s and hardened the in-scope infrastructure.  Once completed, the customer had baseline standards that met the specifications of their cyber initiative. From this baseline security level, the customer now has a standardised framework from which to base future cyber improvements.

The project has been a challenging and educational journey for the customer and APPtechnology, delivered on time and within budget, and we are proud to have been part of their journey in delivering cyber improvements for this nationally significant customer. Transitioning post project, APPtechnology now provide a governance function, being involved in the assessment of future processes that will enable the platform to be continuously updated and secure against ever-increasing threats.